Diffstat (limited to 'machines/nixos/x86_64-linux/digitalocean.nix')
-rw-r--r--machines/nixos/x86_64-linux/digitalocean.nix119
1 files changed, 0 insertions, 119 deletions
diff --git a/machines/nixos/x86_64-linux/digitalocean.nix b/machines/nixos/x86_64-linux/digitalocean.nix
deleted file mode 100644
index 1a011e1..0000000
--- a/machines/nixos/x86_64-linux/digitalocean.nix
+++ /dev/null
@@ -1,119 +0,0 @@
-{
- adminUser,
- config,
- lib,
- modulesPath,
- self,
- ...
-}:
-{
- age = {
- secrets = {
- wireguard = {
- file = "${self}/secrets/do/wireguard.age";
- };
- };
- };
-
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- (modulesPath + "/virtualisation/digital-ocean-config.nix")
- "${self}/profiles/home-manager.nix"
- "${self}/profiles/admin-user/user.nix"
- "${self}/profiles/admin-user/home-manager.nix"
- "${self}/profiles/disk/vm.nix"
- "${self}/profiles/server.nix"
- ];
-
- disko.devices.disk.disk1.device = "/dev/vda";
-
- # do not use DHCP, as DigitalOcean provisions IPs using cloud-init
- networking.useDHCP = lib.mkForce false;
-
- networking.hostName = "do-jump";
-
- boot.loader.grub = {
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
-
- home-manager.users.${adminUser.name} = {
- imports = [
- "${self}/home/profiles/minimal.nix"
- ];
- };
-
- # this one seems to always be broken
- systemd.services.growpart.enable = false;
-
- # in order to get networking setup we need to enable it in cloud-init
- # Disables all modules that do not work with NixOS
- # Based on https://github.com/nix-community/nixos-anywhere-examples/blob/7f945ff0ae676c0eb77360b892add91328dd1f17/digitalocean.nix
- services.cloud-init = {
- enable = true;
- network.enable = true;
- settings = {
- datasource_list = [
- "ConfigDrive"
- "Digitalocean"
- ];
- datasource.ConfigDrive = { };
- datasource.Digitalocean = { };
- # Based on https://github.com/canonical/cloud-init/blob/main/config/cloud.cfg.tmpl
- cloud_init_modules = [
- "seed_random"
- "bootcmd"
- "write_files"
- "growpart"
- "resizefs"
- "set_hostname"
- "update_hostname"
- "set_password"
- ];
- cloud_config_modules = [
- "ssh-import-id"
- "keyboard"
- "runcmd"
- "disable_ec2_metadata"
- ];
- cloud_final_modules = [
- "write_files_deferred"
- "puppet"
- "chef"
- "ansible"
- "mcollective"
- "salt_minion"
- "reset_rmc"
- "scripts_per_once"
- "scripts_per_boot"
- "scripts_user"
- "ssh_authkey_fingerprints"
- "keys_to_console"
- "install_hotplug"
- "phone_home"
- "final_message"
- ];
- };
- };
-
- networking.wireguard = {
- enable = true;
- interfaces.wg0 = {
- ips = [ "10.100.0.50/32" ];
- listenPort = 51871;
- privateKeyFile = config.age.secrets.wireguard.path;
- peers = [
- {
- publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
- allowedIPs = [ "10.100.0.0/24" ];
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.firewall.allowedUDPPorts = [ 51871 ];
-
- system.stateVersion = "25.05"; # Did you read the comment?
-}